First, regarding military malware's supposedly slow and stealthy spread. It's relative. Compared to something such as Conficker, most "non-military" malware is as quiet as a mouse. It's as stealthy as it needs to be.

Second, actually… Flame didn't really "spread". It was used in targeted attacks. Think sniper bullet, not germ warfare. (Stuxnet is a different story. But it wasn't supposed to spread in-the-wild.)

Third, if conventional malware writers want to evade detection they should adopt Flame's techniques? Look… most "conventional" malware writers don't actually use the malware they author. They sell it as a service. Buyers and users of malware kits have to pay for stealth. It isn't free. The real difference between crimeware and Flame/Stuxnet/DuQu is commoditization vs. specialization.

Let's use a real-world example.

Here's a screenshot from Securitas, a global provider of security services that employs more than 300,000 people.

And this is Iranian nuclear engineer Majid Shahriari's car soon after he was assassinated in November 2010 by unidentified assailants riding motorcycles that launched separate bomb attacks and detonated them from a distance.

Look carefully.

Can you spot the difference between the services Securitas typically provides and the protection Shahriari would have needed?